Inspiration

As we know, a successful cyber-attack can cause major damage to your business. It can affect your bottom line, as well as your business' standing and consumer trust. The impact of a security breach can be broadly divided into three categories: financial, reputational, and legal.

One of the biggest misconceptions, especially among small and medium businesses, is that they are too small or insignificant to be attacked. However, data suggests that nearly 50% of attacks in the US are aimed at small businesses owing to their lack of robust security measures. Only businesses that are well-prepared and well-equipped will be able to mitigate such attacks, or at least minimize the impact of the attacks that do succeed.

The latest UK government survey showed that in the last 12 months, 39 per cent of UK businesses identified a cyber-attack. Within this group:
• 31 per cent of businesses estimate they were attacked at least once a week
• 1 in 5 say they experienced a negative outcome because of an attack
• In terms of material outcomes, the average estimated cost of cyber-attacks in the last 12 months is £4,200. However, within the medium and large businesses group, this figure rises to £19,400.

What it does

CYBOT, a Smart Cyber Security Bot System, will offer high-quality IT and data protection and a Data Analytics Solution with a virtual Security Operation Centre for small and medium scale businesses, start-ups and all other firms that do not have a cyber security team, and provides an in-depth, customizable collection of managed cybersecurity services. Backed by a team of security experts, it provides features such as Wi-Fi monitoring and forensics, Security Information and Event Management (SIEM), End-Point Detection and Response (EDR), a Security Operation Centre (SOC) Dashboard for log processing, automated threat surveillance, a remotely manageable system with live monitoring, mobile threat defense, comprehensive vulnerability management, and application security, among other services. It not only supports endpoint protection but also threat investigation across firewalls, servers, and other data sources, and helps organizations and security practitioners through the complexities of cybersecurity to ensure their security posture is future-ready.

How we built it

This is a hardware and software based smart security bot system built especially for the Security Operation Centre (SOC) teams in companies; it monitors for and detects various cyber-attacks. The bot analyses a file's binary and assembly code, computes its hashes with various hashing algorithms and compares them against malicious signatures, and examines the code for suspicious properties through an antivirus API. It also applies MITRE ATT&CK based, heuristic and behaviour based detection.
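The two detection steps described above, signature lookup by file hash followed by a heuristic check of the file's properties, as an added example that is not part of the original project: it is illustrative Python, the signature set and sample blobs are constructed here, and the entropy threshold is an assumed cut-off rather than a value from the page.

```python
import hashlib
import math
from collections import Counter

# Constructed sample data: a "known-bad" blob whose digest seeds the signature
# set, a benign text blob, and a high-entropy blob standing in for a packed binary.
KNOWN_BAD = b"CONSTRUCTED-BAD-SAMPLE-0001"
BENIGN = b"hello world, this is an ordinary text file\n" * 20
PACKED_LIKE = bytes(range(256)) * 8  # every byte value equally likely

# Signature store: SHA-256 digests of samples the SOC has already triaged.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Assumed heuristic cut-off in bits per byte; tune it for the environment.
ENTROPY_THRESHOLD = 7.0


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_bytes(data: bytes) -> dict:
    """Signature match first; unknown files fall through to the entropy heuristic."""
    digest = sha256_hex(data)
    if digest in SIGNATURES:
        return {"verdict": "malicious", "reason": "signature match", "sha256": digest}
    entropy = shannon_entropy(data)
    if entropy >= ENTROPY_THRESHOLD:
        reason = f"high entropy {entropy:.2f} bits/byte (possibly packed/encrypted)"
        return {"verdict": "suspicious", "reason": reason, "sha256": digest}
    return {"verdict": "clean", "reason": f"entropy {entropy:.2f} bits/byte", "sha256": digest}


if __name__ == "__main__":
    for name, blob in (("known_bad", KNOWN_BAD), ("benign", BENIGN), ("packed", PACKED_LIKE)):
        print(name, scan_bytes(blob))
```

A high-entropy verdict is only a lead for the analyst, since legitimate compressed or encrypted files score the same way.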

The system follows a master and slave concept: the Raspberry Pi device installed at the company's premises acts as the bot and master, and all the computers and devices on the company's premises act as slaves. The bot ensures that all data packets are filtered, and the effect of a threat can be resolved in an isolation area so that no slave device is affected by it. Employees can also report a threat directly through a form, and our SOC team will help them resolve it.

End-Point Detection and Response (EDR):

Centralized access to continuously recorded endpoint data means that security professionals have the information they need to hunt threats in real time as well as conduct in-depth investigations after a breach has occurred. This component leverages AV datasets and an API for threat detection and active response. The EDR is used to actively detect and mitigate threats through:
• Threat detection
• Detecting vulnerabilities and anomalies
• Integrity monitoring
• Incident response
• Compliance

Security information and Event management (SIEM):

Utilizing advanced analytics to identify and understand intricate data patterns, event correlation provides insights to quickly locate and mitigate potential threats to business security. This is done using a deep log processing method. The SIEM captures event data from a wide range of sources across an organization's entire network. Logs and flow data from users, applications, assets, cloud environments, and networks are collected, stored and analyzed in real time, giving IT and security teams the ability to manage their network's event log and network flow data in one centralized location.

Wi-Fi Scanning & Forensics:

A wireless monitoring system that presents its results in a better organized, searchable and sortable manner with visualization support. It uses an SQLite database for wireless forensics: the wireless phase focuses on inspecting 802.11 packets to detect anomalies in the Wi-Fi networks, caching them in the SQLite database for later analysis and improving security on the wireless side of the company.
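The caching-and-anomaly-detection idea above, as an added example that is not part of the original project: constructed beacon observations (what a parsed 802.11 capture would yield) are stored in an in-memory SQLite table and queried for two defender-side anomalies, an SSID advertised by more than one BSSID and a BSSID absent from the SOC's trusted inventory. The table layout and the trusted list are assumptions.

```python
import sqlite3

# Constructed beacon observations as (timestamp, ssid, bssid, channel, rssi);
# in the real system these would come from parsed 802.11 management frames.
OBSERVATIONS = [
    (1700000000, "CorpWiFi", "aa:bb:cc:00:00:01", 6, -55),
    (1700000005, "CorpWiFi", "aa:bb:cc:00:00:01", 6, -57),
    (1700000010, "Guest", "aa:bb:cc:00:00:02", 11, -60),
    (1700000015, "CorpWiFi", "de:ad:be:ef:00:99", 6, -40),  # same SSID, unknown BSSID
    (1700000020, "CorpWiFi", "de:ad:be:ef:00:99", 6, -41),
]

# Assumed trusted access-point inventory maintained by the SOC (constructed).
TRUSTED_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}


def load_db(observations, trusted=TRUSTED_BSSIDS) -> sqlite3.Connection:
    """Cache observations and the trusted inventory in SQLite for later queries."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE beacons (ts INTEGER, ssid TEXT, bssid TEXT, channel INTEGER, rssi INTEGER)"
    )
    con.executemany("INSERT INTO beacons VALUES (?, ?, ?, ?, ?)", observations)
    con.execute("CREATE TABLE trusted (bssid TEXT PRIMARY KEY)")
    con.executemany("INSERT INTO trusted VALUES (?)", [(b,) for b in sorted(trusted)])
    return con


def ssids_with_multiple_bssids(con) -> list:
    """SSIDs seen from more than one BSSID: a candidate rogue access point."""
    rows = con.execute(
        "SELECT ssid FROM beacons GROUP BY ssid HAVING COUNT(DISTINCT bssid) > 1 ORDER BY ssid"
    ).fetchall()
    return [r[0] for r in rows]


def untrusted_bssids(con) -> list:
    """(bssid, ssid) pairs seen on air that are missing from the trusted inventory."""
    return con.execute(
        "SELECT DISTINCT b.bssid, b.ssid FROM beacons b "
        "LEFT JOIN trusted t ON b.bssid = t.bssid WHERE t.bssid IS NULL ORDER BY b.bssid"
    ).fetchall()


if __name__ == "__main__":
    db = load_db(OBSERVATIONS)
    print("duplicated SSIDs:", ssids_with_multiple_bssids(db))
    print("untrusted BSSIDs:", untrusted_bssids(db))
```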

SOC Data Analytics Dashboard :

The Admin panel of Cybot gives access to the Cyber Security Operation Centre Dashboard, built with the help of a BI tool. The dashboard consists of multiple pages: a Homepage showcasing the high-level KPIs with links to the other subpages; Department Analysis, which provides insight into the departments where breaches occur; Breach Analysis, which provides insight into which types of breaches occur most often; and a Summary page, which gives a basic understanding of the cybersecurity breaches that occurred in the past, how many breaches are currently open and closed, the average time to breach closure, and the number of employees affected. Employee Ranking ranks the employees who have resolved the most breaches, along with all other details. The User Panel has a report option to flag a breach or threat through a form, which serves as the data source for the Admin Cyber Security Operation Centre Dashboard.

Challenges we ran into

The main challenge we faced was integrating all the features, End-Point Detection and Response (EDR), Security Information and Event Management (SIEM), Wi-Fi Scanning & Forensics and the SOC Data Analytics Dashboard, into the bot and the website, and bringing the data from the hardware bot into the web application.

Accomplishments that we're proud of

The accomplishment we're proud of is that there is no such existing solution in the market and we have built the entire project from an idea to reality. We are proud to say that our project is a ready-to-market solution, and that it can help small and medium scale businesses, start-ups and all other firms that do not have a cyber security team protect their business from cyber threats and attacks.

What we learned

We got hands-on with a cool collection of technology stacks, including Raspberry Pi, Alfa Card, Elasticsearch, SQLite DB, Python, Bash scripting, PHP, MySQL, HTML, CSS, JavaScript, XML and Power BI, and understood the importance of a Security Operation Center, how it works, and how cyber attacks can impact businesses.

What's next for Cybot

We look forward to adding a few features and training the bot to be industry-standard ready. We are also really looking forward to launching Cybot in the marketplace and helping small and medium scale businesses, start-ups and all other firms that do not have a cyber security team protect their business from cyber threats and attacks.
